snowflake-connector-python@3.6.0 vulnerabilities

Snowflake Connector for Python

Direct Vulnerabilities

Known vulnerabilities in the snowflake-connector-python package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Insertion of Sensitive Information into Log File (severity: M)

snowflake-connector-python is a Snowflake Connector for Python.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information when the logging level is set to DEBUG. An attacker can access sensitive data such as Duo passcodes and Azure SAS tokens by obtaining access to the logs.

Note: Even if the SecretDetector logging formatter is enabled, JWT tokens and certain private key formats may be incompletely redacted.

How to fix Insertion of Sensitive Information into Log File?

Upgrade snowflake-connector-python to version 3.12.3 or higher.

Vulnerable versions: [,3.12.3)